Finding a balance between fighting crime and privacy – the use of metadata
Last April, the Portuguese Constitutional Court declared unconstitutional the provisions of articles 4, 6, and 9 of...
Access Granted: DSAR changes for data controllers granting access to health data
Updated regulations in Ireland regarding data subjects' access to their health data emerged in March 2022. The new...
The use of CCTV in light of the Luxembourg National Commission for Data...
In 2021, the Luxembourg National Commission for Data Protection (the “CNPD”) issued 48 decisions following...
AP applies incremental penalty authority to the fullest
It is the first time in history that the Dutch Data Protection Authority (DPA) has identified six violations of the...
Cross Border Transfers: Recent Developments
Generally, data transfers to third countries are prohibited unless the receiving country has received an adequacy...
Shaping the limits of the Right to be Notified in 2022 Israel.
The Israeli Privacy Protection Authority recently published a new memo aimed to clarify the scope of interpretation...
Facial recognition systems: 20 million fine against the American company...
"Not everything that is technically possible is legally and ethically lawful." These are the words of Guido Scorza,...
Seven Key figures from the Irish Data Protection Commission’s 2021 Annual Report
On 24 February 2022, the Data Protection Commission released its 2021 Annual Report (the “Report”) running to over...
Data retention overturned? Aftermath to the private sector?
The European Court of Justice has not just brought its settled case-law on data retention in line. Furthermore the...
Argentina's Data Protection Authority publishes its 2021 Annual Report
Argentina’s data protection authority, the Agency of Access to Public Information, i.e. the controlling authority...
Can audio surveillance be justified?
At the end of 2021, the Estonian Data Protection Inspectorate (DPA) issued a precept to a gas station using audio...
China’s New Regulations on Controlling Algorithmic Recommendations in...
The Cyberspace Administration of China (CAC) has circulated the Regulations on the Management of Algorithm...
Three criteria for the elaboration of the Regulation to the Ecuadorian data...
Ecuador continues to build its personal data protection system, for which those responsible for developing the...
Unpacking the New Privacy Regime in India: The When, Who, What, and How?
The new Indian Privacy law mimics GDPR when it requires a ‘privacy by design’ architecture, sets up a central data...
The destruction of the algorithm: the new sanction for breaching the GDPR?
Since 2019, The Federlñ Trade Commission (FTC) has been seeking ways to punish the new digital unfair practices,...
Personal data protection in Ecuador, a few steps forward
The process of designating the Personal Data Protection Authority, the next milestone in the construction of the...
CCTV monitoring and the practice of the Hungarian DPA
CCTV monitoring has long been a key field for the Hungarian DPA. The article summarizes the DPA’s practice, as well...
Expensive update for Tesla: Car seller liable for failing to provide essential...
In September 2021, Munich’s regional court (the LG Munich) awarded a plaintiff 130,446 euros in damages. A vehicle...
Schrems II resolved? Unpacking the EU-US Trans-Atlantic Data Privacy Framework
The United States and the European Commission have agreed in principle to a new Trans-Atlantic Data Privacy...
Important concepts in cross-border transfer of data from China
The Data Security Law (“DSL”) and Personal Information Protection Law (“PIPL”) of mainland China, which came into...